mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-23 06:05:27 +00:00
virt-aa-helper: disallow VNC socket read permissions
The VM does not need read permission for its own VNC socket to create(), bind(), accept() connections or to receive(), send(), etc. on connections. https://bugzilla.redhat.com/show_bug.cgi?id=1312573
This commit is contained in:
parent
272c622475
commit
ab9569e546
@ -1062,7 +1062,7 @@ get_files(vahControl * ctl)
|
||||
for (i = 0; i < ctl->def->ngraphics; i++) {
|
||||
if (ctl->def->graphics[i]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC &&
|
||||
ctl->def->graphics[i]->data.vnc.socket &&
|
||||
vah_add_file(&buf, ctl->def->graphics[i]->data.vnc.socket, "rw"))
|
||||
vah_add_file(&buf, ctl->def->graphics[i]->data.vnc.socket, "w"))
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user